Intego: Malware masquerades as Flash installer

Intego reported that the Flashback malware is available on some sites that offer a link or icon to install Flash Player; Lion users may be vulnerable to the scam because the operating system doesn't automatically include Flash. If users do click on the malicious link in Safari--launching the Mac OS X Installer--the software deactivates some security code, then deletes the original installation package. The malware then sends information about the infected Mac back to a remote server. Intego analysts are still investigating Flashback's purposes.

Protecting your Mac from this Flashback is relatively easy: Only download Flash from Adobe.com.

Monday's announcement is the second Trojan horse warning to Mac users in the last week. On Friday, security firm F-Secure warned against Trojan-Dropper:OSX/Revir.A, which appears as a Chinese-language PDF; open it up, and a backdoor connection to a remote server is made.

As Macworld's Serenity Caldwell noted after Friday's warning about the PDF malware, one way for Mac users--particularly those who use Safari--to avoid a problem with Trojan horse malware is to uncheck Safari's Open 'Safe' Files After Downloading option (Safari -> Preferences -> General); then, as long as you practice common sense computing, you should be safe from most malicious attacks. You should also be sure to keep your OS X malware definitions up to date.